Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS152320.roa
File:                     AS152320.roa (raw, json)
Hash identifier:          mGqKH+IWDG/Y3dhvtfFhgEtL55r1z2JK3lDp4QPvE/0=
Subject key identifier:   32:4D:9D:A7:0E:7B:4A:EA:AD:22:26:26:2E:22:D5:E2:4B:F2:82:FC
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       3166C4271665A215FFB905B12D377E9BD6AF2A99
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS152320.roa
Signing time:             Mon 30 Mar 2026 08:41:40 +0000
ROA not before:           Mon 30 Mar 2026 08:36:40 +0000
ROA not after:            Mon 29 Mar 2027 08:41:40 +0000
asID:                     152320
IP address blocks:        84.75.202.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 Apr 2026 10:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:66:c4:27:16:65:a2:15:ff:b9:05:b1:2d:37:7e:9b:d6:af:2a:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Mar 30 08:36:40 2026 GMT
            Not After : Mar 29 08:41:40 2027 GMT
        Subject: CN=324D9DA70E7B4AEAAD2226262E22D5E24BF282FC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:e9:08:ad:2c:12:8e:ea:43:2f:92:f9:32:4f:
                    f6:5a:50:16:46:d3:af:53:2f:d5:fc:4c:6c:96:4c:
                    79:77:67:69:fa:e7:82:ab:72:3d:27:d1:73:cd:8a:
                    3c:56:a8:4f:12:f1:4a:fc:d9:10:d9:e3:82:51:20:
                    64:c0:16:ad:4b:e5:25:70:de:75:2d:61:b9:30:ed:
                    40:d1:a6:ee:41:6c:5f:c1:dd:5b:fe:30:e7:45:7e:
                    72:9c:0c:b3:b9:98:1a:99:da:9b:17:51:2d:c8:65:
                    b3:bd:50:48:38:dd:d6:4f:c7:6f:f5:7f:e8:0d:66:
                    f8:93:e1:36:3f:7f:27:29:f3:69:c3:cc:f0:47:ef:
                    fc:21:b4:3e:80:06:84:6d:de:40:85:d8:8b:7f:f2:
                    a7:e5:be:34:d1:17:2e:25:a9:52:6a:06:cf:8b:9e:
                    16:9f:b0:93:c0:01:1d:d9:cb:c0:45:c1:45:00:89:
                    50:2b:86:8c:30:22:6c:2e:88:35:76:ff:4f:52:af:
                    f6:ff:2c:4f:27:56:ad:f7:e2:9f:09:9f:85:8f:e4:
                    ad:ae:10:f6:a3:87:20:00:75:3f:8d:64:f6:04:97:
                    06:11:3c:21:b0:1e:d9:6d:63:3d:b4:71:c2:71:7d:
                    3d:d4:10:00:9b:a2:af:0f:1b:31:8d:22:aa:2c:87:
                    fa:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:4D:9D:A7:0E:7B:4A:EA:AD:22:26:26:2E:22:D5:E2:4B:F2:82:FC
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS152320.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.75.202.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1f:59:15:94:8d:78:ac:5a:41:d8:c7:47:21:06:24:b0:56:a3:
         52:02:8e:94:01:b5:03:a0:97:7b:4f:da:b9:f0:36:22:ee:b4:
         ef:e5:09:4d:93:f6:f6:f7:63:ee:7d:48:64:c8:90:18:37:19:
         5c:7a:a2:6d:c7:6a:82:ae:ef:79:23:1b:aa:52:e5:86:ab:fa:
         ac:75:63:70:6a:61:8c:0f:d9:b7:93:6e:44:49:dc:8e:cb:21:
         da:24:74:a6:24:db:34:b9:83:43:de:03:a1:49:ba:64:f1:4e:
         82:7d:26:ed:99:68:a7:c2:d7:d1:1c:be:22:66:b7:4e:b9:96:
         49:d7:16:31:46:a4:04:d5:c2:bc:81:f2:49:7a:34:4c:a9:ca:
         1c:bc:5a:32:40:41:15:51:f5:7f:9d:6b:30:97:8d:53:f8:ff:
         27:a5:57:a9:f8:2a:a3:3e:75:81:af:e8:24:39:41:e5:d3:80:
         77:7b:fa:4f:b9:63:9a:8a:ad:28:3a:df:48:e9:7a:da:48:ce:
         84:c7:68:c1:de:9a:61:30:c9:58:8c:ec:14:27:8e:1b:3e:46:
         3b:ae:ef:2a:ce:81:8e:35:9a:71:e5:a9:36:dd:b0:82:7b:dd:
         58:cf:8a:91:11:9f:02:df:7c:91:33:33:a1:e2:a5:e3:7a:14:
         bb:ba:fe:fa
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUMWbEJxZlohX/uQWxLTd+m9avKpkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAzMzAwODM2NDBaFw0yNzAzMjkwODQxNDBaMDMxMTAvBgNV
BAMTKDMyNEQ5REE3MEU3QjRBRUFBRDIyMjYyNjJFMjJENUUyNEJGMjgyRkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDu6QitLBKO6kMvkvkyT/ZaUBZG
069TL9X8TGyWTHl3Z2n654Krcj0n0XPNijxWqE8S8Ur82RDZ44JRIGTAFq1L5SVw
3nUtYbkw7UDRpu5BbF/B3Vv+MOdFfnKcDLO5mBqZ2psXUS3IZbO9UEg43dZPx2/1
f+gNZviT4TY/fycp82nDzPBH7/whtD6ABoRt3kCF2It/8qflvjTRFy4lqVJqBs+L
nhafsJPAAR3Zy8BFwUUAiVArhowwImwuiDV2/09Sr/b/LE8nVq334p8Jn4WP5K2u
EPajhyAAdT+NZPYElwYRPCGwHtltYz20ccJxfT3UEACboq8PGzGNIqosh/rnAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUMk2dpw57SuqtIiYmLiLV4kvygvwwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTUyMzIwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVEvK
MA0GCSqGSIb3DQEBCwUAA4IBAQAfWRWUjXisWkHYx0chBiSwVqNSAo6UAbUDoJd7
T9q58DYi7rTv5QlNk/b292PufUhkyJAYNxlceqJtx2qCru95IxuqUuWGq/qsdWNw
amGMD9m3k25ESdyOyyHaJHSmJNs0uYND3gOhSbpk8U6CfSbtmWinwtfRHL4iZrdO
uZZJ1xYxRqQE1cK8gfJJejRMqcocvFoyQEEVUfV/nWswl41T+P8npVep+CqjPnWB
r+gkOUHl04B3e/pPuWOaiq0oOt9I6XraSM6Ex2jB3pphMMlYjOwUJ44bPkY7ru8q
zoGONZpx5ak23bCCe91Yz4qREZ8C33yRMzOh4qXjehS7uv76
-----END CERTIFICATE-----